Resilient VPNs - Part 1

I have been working on building a resilient VPN architecture for our monitoring network. One of the stipulations was that it was not to use GRE tunnels and must be capable of terminating at any number of peer VPN devices on the customer's network. Routing must work automatically, with no manual intervention required. The problem you get with using plain IPSEC tunnels is that first you need some way of knowing if the tunnel is up. Then you have to adjust the routing on the customer side so that traffic destined for your network exits their network via the router with the currently active IPSEC tunnel. This is not an easy task, and it has taken a while to come up with some workable designs to deploy. I have settled on IPSEC HA in our datacentre and using Reverse Route Injection on the customer network to push our subnets into their dynamic routing protocol. I will go through the RRI solution in the next post; for now, let's have a look at the IPSEC HA configuration. IPSEC HA is available on the ...